diff --git a/apparmor-2.9.1.tar.gz b/apparmor-2.9.1.tar.gz deleted file mode 100644 index 0e1f685..0000000 --- a/apparmor-2.9.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a63b8724c36c29ed438c9e3ca403bfeeb6c998a45990e300aa1b10faa23a0a22 -size 2326385 diff --git a/apparmor-2.9.1.tar.gz.asc b/apparmor-2.9.1.tar.gz.asc deleted file mode 100644 index 89229b2..0000000 --- a/apparmor-2.9.1.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlSQnFwACgkQgTeYuayTEnFcvwCeI9W6R1FcXVc1idSM49d4NbJq -em8AoLL3ZThgKwyHdo1W17iuJuWNmYDs -=N8ne ------END PGP SIGNATURE----- diff --git a/apparmor-2.9.2.tar.gz b/apparmor-2.9.2.tar.gz new file mode 100644 index 0000000..86bd926 --- /dev/null +++ b/apparmor-2.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d01156e1ec50deada519fd4e8821677274b1d43418fda3bc4b25f1d38ea75ed5 +size 2336566 diff --git a/apparmor-2.9.2.tar.gz.asc b/apparmor-2.9.2.tar.gz.asc new file mode 100644 index 0000000..dc670da --- /dev/null +++ b/apparmor-2.9.2.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAABCgAGBQJVOV6LAAoJEGaJ5k49NmS7yj8P/Am7QAfhveBAfHy1xbUTHdWy +Y/LRsM0x4uebNr7ZK1Zy31WqecJLhzXhli58SPf4lvrfb2fOTp9txI3YHYrmB5Lg +Mn3DhyRcr8Cov6WqPdYmG3dj/fUZSrs1wz6Ryt0zg9SMxu1CGiaZvD34QS0dGBbs +1JB5PhjqbM54JfsjsMtmqZKviVq7k9+k4Wojzb1MIXD9w70uUj1PiJHJ5nryHFy5 +2KdBNxVTbG9QJCFeBqpchbW6VvunG7NQIRovpRYqEMOJF/UCcBRGdBRLWETCSdfu +pDy+Sj30VJ9ik7cxRkxB0kn1U1UqGwUMHekjtdSX4Dm8LCSYQR0Wa9KAoiyoh787 +o2cSeeonI0uF5xXzEqLvaVrWsGPucdWfokN1SjuppWPHrSY50Tgtl1791gnTWTw+ +CbLeOP6fVq2iwJ8jPVDdGL3T8xZ7yBGH44XOB4r5rUbNSw8pau86RC+pSf/McHQ7 +WmShsVNDAfWxuLBDvfr9bGCSPL3Hk7SrSgOM5CZS2OspABllFmqXdIn6fuySO73I +AyCDwr9qGAbQMIvNGn1DmF4GyVc1LPRctBRwz91j6//hjVewSpgtRT45BYdRp3mO +cy/5XWdXbVFg/srctH91YNeUt0/F/fepEbqLR7MQ55q8cCQNo28/9PfL0JEovu1x +tnGkNHea0o2YNxv2NZfK +=gIwg +-----END PGP SIGNATURE----- diff --git a/apparmor-abstractions-no-multiline.diff b/apparmor-abstractions-no-multiline.diff index c03cbc4..b5a2c8a 100644 --- a/apparmor-abstractions-no-multiline.diff +++ b/apparmor-abstractions-no-multiline.diff @@ -3,7 +3,7 @@ Index: profiles/apparmor.d/abstractions/X =================================================================== --- profiles/apparmor.d/abstractions/X.orig 2014-10-18 13:11:18.498652324 +0200 +++ profiles/apparmor.d/abstractions/X 2014-10-18 13:11:31.097494817 +0200 -@@ -23,9 +23,7 @@ +@@ -24,9 +24,7 @@ # the unix socket to use to connect to the display /tmp/.X11-unix/* w, diff --git a/apparmor-changes-since-2.9.1.diff b/apparmor-changes-since-2.9.1.diff deleted file mode 100644 index 3ec6534..0000000 --- a/apparmor-changes-since-2.9.1.diff +++ /dev/null @@ -1,374 +0,0 @@ ------------------------------------------------------------- -revno: 2839 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Sun 2015-01-18 14:57:10 +0100 -message: - Add some tests for logparser.py based on the log lines from - https://bugs.launchpad.net/apparmor/+bug/1399027 - - Also move some existing tests from aa_test.py to test-logparser.py and - adds checks for RE_LOG_v2_6_audit and RE_LOG_v2_6_syslog to them. - - - Acked-by: Steve Beattie for trunk and 2.9 ------------------------------------------------------------- -revno: 2838 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Sat 2015-01-17 14:35:38 +0100 -message: - update logparser.py to support the changed syslog format by adding - (audit:\s+)? to RE_LOG_v2_6_syslog - - References: https://bugs.launchpad.net/apparmor/+bug/1399027 - - - Acked-by: Seth Arnold (for trunk) - - Acked-by: Steve Beattie for 2.9 as well ------------------------------------------------------------- -revno: 2837 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Mon 2014-12-22 17:57:40 +0100 -message: - Fix the dnsmasq profile to allow executing bash to run the --dhcp-script - argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt - leasehelper script to run even on x86_64. - - References: https://bugzilla.opensuse.org/show_bug.cgi?id=911001 - - Patch by "Cédric Bosdonnat" - - Note: the original patch used {lib,lib64} - I changed it to lib{,64} to - match the style we typically use. - - Acked-by: John Johansen - - (backport of trunk r2841) ------------------------------------------------------------- -revno: 2836 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Mon 2014-12-22 17:51:02 +0100 -message: - update and cleanup usr.sbin.dovecot profile - - Add #include to the usr.sbin.dovecot - profile. Effectively this adds "deny capability block_suspend," which - is the only missing part from - https://bugs.launchpad.net/apparmor/+bug/1296667/ - - Also remove "capability setgid," (covered by - abstractions/dovecot-common) and "@{PROC}/filesystems r," (part of - abstractions/base). - - Acked-by: John Johansen - - (backport of trunk r2840) ------------------------------------------------------------- -revno: 2835 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Mon 2014-12-22 17:43:54 +0100 -message: - Add some missing /run/dovecot/* to usr.lib.dovecot.imap{, -login} - - Add the needed permissions as reported in - https://bugs.launchpad.net/apparmor/+bug/1296667/ comment #1 - to the usr.lib.dovecot.imap and imap-login profiles. - - Acked-by: John Johansen - - (backport of trunk r2839) ------------------------------------------------------------- -revno: 2834 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Mon 2014-12-22 17:39:29 +0100 -message: - update the mysqld profile in the extras directory to - something that works on my servers ;-) - - Acked-by: John Johansen - - (backport of trunk r2838) ------------------------------------------------------------- -revno: 2833 -committer: Christian Boltz -branch nick: 2.9 -timestamp: Fri 2014-12-19 13:57:12 +0100 -message: - fix network rule description in apparmor.d.pod - - (backport from trunk r2837) - - Acked-by: John Johansen (for trunk) - - Acked-by: Steve Beattie (for 2.9) ------------------------------------------------------------- - - -=== modified file 'parser/apparmor.d.pod' ---- parser/apparmor.d.pod 2014-12-12 14:20:31 +0000 -+++ parser/apparmor.d.pod 2014-12-19 12:57:12 +0000 -@@ -61,7 +61,7 @@ - B = (lowercase capability name without 'CAP_' prefix; see - capabilities(7)) - --B = 'network' [ [ I ] [ I ] [ I ] ] ',' -+B = 'network' [ [ I [ I | I ] ] | [ I ] ] ',' - - B = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'bluetooth' | 'netlink' ) ',' - - -=== modified file 'profiles/apparmor.d/usr.lib.dovecot.imap' ---- profiles/apparmor.d/usr.lib.dovecot.imap 2014-09-25 22:37:14 +0000 -+++ profiles/apparmor.d/usr.lib.dovecot.imap 2014-12-22 16:43:54 +0000 -@@ -26,6 +26,7 @@ - - @{HOME} r, # ??? - /usr/lib/dovecot/imap mr, -+ /{,var/}run/dovecot/auth-master rw, - - # Site-specific additions and overrides. See local/README for details. - #include - -=== modified file 'profiles/apparmor.d/usr.lib.dovecot.imap-login' ---- profiles/apparmor.d/usr.lib.dovecot.imap-login 2014-06-27 19:14:53 +0000 -+++ profiles/apparmor.d/usr.lib.dovecot.imap-login 2014-12-22 16:43:54 +0000 -@@ -24,6 +24,7 @@ - network inet6 stream, - - /usr/lib/dovecot/imap-login mr, -+ /{,var/}run/dovecot/anvil rw, - /{,var/}run/dovecot/login/ r, - /{,var/}run/dovecot/login/* rw, - - -=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq' ---- profiles/apparmor.d/usr.sbin.dnsmasq 2014-12-02 17:46:26 +0000 -+++ profiles/apparmor.d/usr.sbin.dnsmasq 2014-12-22 16:57:40 +0000 -@@ -45,6 +45,8 @@ - - /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage - -+ /bin/bash ix, # Required to execute --dhcp-script argument -+ - # access to iface mtu needed for Router Advertisement messages in IPv6 - # Neighbor Discovery protocol (RFC 2461) - @{PROC}/sys/net/ipv6/conf/*/mtu r, -@@ -64,7 +66,7 @@ - /{,var/}run/libvirt/network/*.pid rw, - - # libvirt lease helper -- /usr/lib/libvirt/libvirt_leaseshelper ix, -+ /usr/lib{,64}/libvirt/libvirt_leaseshelper ix, - /{,var/}run/leaseshelper.pid rwk, - - # NetworkManager integration - -=== modified file 'profiles/apparmor.d/usr.sbin.dovecot' ---- profiles/apparmor.d/usr.sbin.dovecot 2014-09-03 19:45:56 +0000 -+++ profiles/apparmor.d/usr.sbin.dovecot 2014-12-22 16:51:02 +0000 -@@ -15,6 +15,7 @@ - /usr/sbin/dovecot { - #include - #include -+ #include - #include - #include - #include -@@ -25,7 +26,6 @@ - capability fsetid, - capability kill, - capability net_bind_service, -- capability setgid, - capability setuid, - capability sys_chroot, - -@@ -34,7 +34,6 @@ - /etc/lsb-release r, - /etc/SuSE-release r, - @{PROC}/@{pid}/mounts r, -- @{PROC}/filesystems r, - /usr/bin/doveconf rix, - /usr/lib/dovecot/anvil Px, - /usr/lib/dovecot/auth Px, - -=== modified file 'profiles/apparmor/profiles/extras/usr.sbin.mysqld' ---- profiles/apparmor/profiles/extras/usr.sbin.mysqld 2007-05-16 18:51:46 +0000 -+++ profiles/apparmor/profiles/extras/usr.sbin.mysqld 2014-12-22 16:39:29 +0000 -@@ -1,6 +1,9 @@ -+# Last Modified: Mon Dec 1 22:23:12 2014 -+ - # ------------------------------------------------------------------ - # - # Copyright (C) 2002-2005 Novell/SUSE -+# Copyright (C) 2014 Christian Boltz - # - # This program is free software; you can redistribute it and/or - # modify it under the terms of version 2 of the GNU General Public -@@ -8,12 +11,12 @@ - # - # ------------------------------------------------------------------ - # vim:syntax=apparmor --# Last Modified: Wed Aug 17 14:28:07 2005 - - #include - - /usr/sbin/mysqld { - #include -+ #include - #include - #include - -@@ -21,8 +24,22 @@ - capability setgid, - capability setuid, - -+ /etc/hosts.allow r, -+ /etc/hosts.deny r, - /etc/my.cnf r, -+ /etc/my.cnf.d/ r, -+ /etc/my.cnf.d/*.cnf r, -+ /root/.my.cnf r, -+ /usr/lib{,32,64}/**.so mr, - /usr/sbin/mysqld r, -+ /usr/share/mariadb/*/errmsg.sys r, -+ /usr/share/mysql-community-server/*/errmsg.sys r, - /usr/share/mysql/** r, -- /var/lib/mysql/** lrw, -+ /var/lib/mysql/ r, -+ /var/lib/mysql/** rwl, -+ /var/log/mysql/mysqld-upgrade-run.log w, -+ /var/log/mysql/mysqld.log w, -+ /var/log/mysql/mysqld.log-20* w, -+ /{,var/}run/mysql/mysqld.pid w, -+ - } - -=== modified file 'utils/apparmor/logparser.py' ---- utils/apparmor/logparser.py 2014-08-20 22:55:44 +0000 -+++ utils/apparmor/logparser.py 2015-01-17 13:35:38 +0000 -@@ -25,7 +25,7 @@ - _ = init_translation() - - class ReadLog: -- RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=') -+ RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=') - RE_LOG_v2_6_audit = re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=') - # Used by netdomain to identify the operation types - # New socket names - -=== modified file 'utils/test/aa_test.py' ---- utils/test/aa_test.py 2014-07-26 00:49:06 +0000 -+++ utils/test/aa_test.py 2015-01-18 13:57:10 +0000 -@@ -86,29 +86,6 @@ - for path in globs.keys(): - self.assertEqual(apparmor.aa.glob_path_withext(path), globs[path], 'Unexpected glob generated for path: %s'%path) - -- def test_parse_event(self): -- parser = apparmor.logparser.ReadLog('', '', '', '', '') -- event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30' -- parsed_event = parser.parse_event(event) -- self.assertEqual(parsed_event['name'], '/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg', 'Incorrectly parsed/decoded name') -- self.assertEqual(parsed_event['profile'], '/usr/sbin/httpd2-prefork//vhost_foo', 'Incorrectly parsed/decode profile name') -- self.assertEqual(parsed_event['aamode'], 'PERMITTING') -- self.assertEqual(parsed_event['request_mask'], set(['w', 'a', '::w', '::a'])) -- #print(parsed_event) -- -- #event = 'type=AVC msg=audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name=74657374207370616365 pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0' -- #parsed_event = apparmor.aa.parse_event(event) -- #print(parsed_event) -- -- event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000' -- parsed_event = parser.parse_event(event) -- self.assertEqual(parsed_event['name'], '/home/foo/.bash_history', 'Incorrectly parsed/decoded name') -- self.assertEqual(parsed_event['profile'], 'foo bar', 'Incorrectly parsed/decode profile name') -- self.assertEqual(parsed_event['aamode'], 'PERMITTING') -- self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a','::r' , '::w', '::a'])) -- #print(parsed_event) -- -- - def test_modes_to_string(self): - - for string in self.MODE_TEST.keys(): - -=== added file 'utils/test/test-logparser.py' ---- utils/test/test-logparser.py 1970-01-01 00:00:00 +0000 -+++ utils/test/test-logparser.py 2015-01-18 13:57:10 +0000 -@@ -0,0 +1,71 @@ -+# ---------------------------------------------------------------------- -+# Copyright (C) 2013 Kshitij Gupta -+# Copyright (C) 2015 Christian Boltz -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of version 2 of the GNU General Public -+# License as published by the Free Software Foundation. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# ---------------------------------------------------------------------- -+import unittest -+ -+from apparmor.logparser import ReadLog -+ -+class TestParseEvent(unittest.TestCase): -+ def setUp(self): -+ self.parser = ReadLog('', '', '', '', '') -+ -+ def test_parse_event_audit_1(self): -+ event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30' -+ parsed_event = self.parser.parse_event(event) -+ self.assertEqual(parsed_event['name'], '/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg') -+ self.assertEqual(parsed_event['profile'], '/usr/sbin/httpd2-prefork//vhost_foo') -+ self.assertEqual(parsed_event['aamode'], 'PERMITTING') -+ self.assertEqual(parsed_event['request_mask'], set(['w', 'a', '::w', '::a'])) -+ -+ self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event)) -+ self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event)) -+ -+ def test_parse_event_audit_2(self): -+ event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000' -+ parsed_event = self.parser.parse_event(event) -+ self.assertEqual(parsed_event['name'], '/home/foo/.bash_history') -+ self.assertEqual(parsed_event['profile'], 'foo bar') -+ self.assertEqual(parsed_event['aamode'], 'PERMITTING') -+ self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a','::r' , '::w', '::a'])) -+ -+ self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event)) -+ self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event)) -+ -+ def test_parse_event_syslog_1(self): -+ # from https://bugs.launchpad.net/apparmor/+bug/1399027 -+ event = '2014-06-09T20:37:28.975070+02:00 geeko kernel: [21028.143765] type=1400 audit(1402339048.973:1421): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/dev/tty" pid=14335 comm="hello" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0' -+ parsed_event = self.parser.parse_event(event) -+ self.assertEqual(parsed_event['name'], '/dev/tty') -+ self.assertEqual(parsed_event['profile'], '/home/cb/linuxtag/apparmor/scripts/hello') -+ self.assertEqual(parsed_event['aamode'], 'PERMITTING') -+ self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a', '::r', '::w', '::a'])) -+ -+ self.assertIsNone(ReadLog.RE_LOG_v2_6_audit.search(event)) -+ self.assertIsNotNone(ReadLog.RE_LOG_v2_6_syslog.search(event)) -+ -+ def test_parse_event_syslog_2(self): -+ # from https://bugs.launchpad.net/apparmor/+bug/1399027 -+ event = 'Dec 7 13:18:59 rosa kernel: audit: type=1400 audit(1417954745.397:82): apparmor="ALLOWED" operation="open" profile="/home/simi/bin/aa-test" name="/usr/bin/" pid=3231 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0' -+ parsed_event = self.parser.parse_event(event) -+ self.assertEqual(parsed_event['name'], '/usr/bin/') -+ self.assertEqual(parsed_event['profile'], '/home/simi/bin/aa-test') -+ self.assertEqual(parsed_event['aamode'], 'PERMITTING') -+ self.assertEqual(parsed_event['request_mask'], set(['r', '::r'])) -+ -+ self.assertIsNone(ReadLog.RE_LOG_v2_6_audit.search(event)) -+ self.assertIsNotNone(ReadLog.RE_LOG_v2_6_syslog.search(event)) -+ -+ -+if __name__ == "__main__": -+ unittest.main(verbosity=2) - diff --git a/apparmor-fix-stl-ostream.diff b/apparmor-fix-stl-ostream.diff deleted file mode 100644 index c34f2bb..0000000 --- a/apparmor-fix-stl-ostream.diff +++ /dev/null @@ -1,35 +0,0 @@ -Index: parser/dbus.cc -=================================================================== ---- parser/dbus.cc.orig 2014-10-08 22:20:20.000000000 +0200 -+++ parser/dbus.cc 2015-02-24 14:10:15.656288643 +0100 -@@ -149,7 +149,7 @@ ostream &dbus_rule::dump(ostream &os) - if (interface) - os << " interface=\"" << interface << "\""; - if (member) -- os << " member=\"" << member << os << "\""; -+ os << " member=\"" << member << "\""; - - if (!(mode & AA_DBUS_BIND) && (peer_label || name)) { - os << " peer=( "; -Index: parser/af_rule.cc -=================================================================== ---- parser/af_rule.cc.orig 2014-09-03 22:34:10.000000000 +0200 -+++ parser/af_rule.cc 2015-02-24 14:14:31.851251654 +0100 -@@ -148,11 +148,14 @@ ostream &af_rule::dump_peer(ostream &os) - - ostream &af_rule::dump(ostream &os) - { -- os << dump_prefix(os); -+ dump_prefix(os); - os << af_name; -- os << dump_local(os); -+ dump_local(os); - if (has_peer_conds()) -- os << " peer=(" << dump_peer(os) << ")"; -+ { -+ os << " peer=("; -+ dump_peer(os) << ")"; -+ } - os << ",\n"; - - return os; diff --git a/apparmor.changes b/apparmor.changes index 58effa6..98018c6 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Apr 24 20:21:32 UTC 2015 - opensuse@cboltz.de + +- update to AppArmor 2.9.2 (2.9 branch r2911) + - lots of bugfixes in the parser and the aa-* tools (including + boo#918787) + - update dovecot and dnsmasq profiles and several abstractions + (including boo#911001) + - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the + full changelog +- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and + apparmor-fix-stl-ostream.diff +- replace GPG key with new AppArmor GPG signing key, see + https://launchpad.net/apparmor/+announcement/13404 + ------------------------------------------------------------------- Fri Apr 17 18:46:08 UTC 2015 - opensuse@cboltz.de diff --git a/apparmor.keyring b/apparmor.keyring index 7ef77b6..bd83a07 100644 --- a/apparmor.keyring +++ b/apparmor.keyring @@ -1,82 +1,65 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 -mQGiBEPw2O4RBAD8PZ+0NfCEIBjuDXQjdb6vi642wRIrN7v67GTfNQ+uggGKESRe -grFumlArz5MbJVLinyIsCqigwyBpspXeyP6cMrzTudmmwQJJN9caejoAu5029wjX -WTrfwsPbqavwcQSfZlVJOKjLplUCzOcb808UOMYISz5mZmFGzfJpPLTMtwCg4CH+ -e9ZoyqMz1GrkPqjWeOVHgjMD/1D/PW8c1DzBar6zaxNXtQOLtlWn5eqLwWJX7XhG -DM2YPD0vWyPYnx/5agg6YyouO6xiNi4lPDvEUu8+PqHHZz7Cl9Iu36ruAuhc87vQ -U10frmHHcdNoko/aetFfNSrXwD+mEhhrob0kIEEIe4K+KfTPKC+aQuUVwciuDiM1 -+7ukA/46YWHIwkqFCUzjhJwu5hb4kGeYS1bcMrD5xCMcVzUdJPFcmz1AVclwAZ61 -PYRRUs4xOJ5QeQty/1n4L5ylOJ8mfzXartC4ZY0OqDrXgLg/HhxPfvLfKvZ9xvBq -AIIJeqGmN2Dq/+Q70kA/5Ck4hUABBoTMQZABWQkCh3POwMCwhbRMQXBwQXJtb3Ig -RGV2ZWxvcG1lbnQgVGVhbSAoQXBwQXJtb3Igc2lnbmluZyBrZXkpIDxhcHBhcm1v -ckBsaXN0cy51YnVudHUuY29tPohqBBMRCgAqAhsDAh4BAheAAhkBBQsJCAcDBRUK -CQgLBRYCAwEABQJNXEDoBQkPDwJtAAoJEIE3mLmskxJxVFgAnjSeh2O03PKF0UJz -T13Fn1yK1IvaAJ9bQ3EuAw03b/RkIQUx5SQSXyDDdIhqBBMRCgAqAhsDBQkJZgGA -Ah4BAheAAhkBBQJMjkjTBQsJCAcDBRUKCQgLBRYCAwEAAAoJEIE3mLmskxJxQ4wA -oMb9+wVfGopVNTM/pwAFH+vcE1MaAKCUq/IOsOI0yRY7QVre3Rinzpy2/ohqBBMR -CgAqAhsDBQkJZgGAAh4BAheAAhkBBQJMoOLLBQsJCAcDBRUKCQgLBRYCAwEAAAoJ -EIE3mLmskxJxy6UAoN0PvpcVaBF9j6s46I6y5p12MBH3AJ0aiUVZj78cjyEprsJ6 -nuWqDm+dS4kCIAQQAQoACgUCTI5JiAMFAXgACgkQLwmejQBegfQtjw//ZVFIv/UR -CsfamtmqEE/nZ7XfTh495SjHGQy3q4nZvLyfHHiF+XVQtD7JIlHzYpwGz4kla73c -aM/tLts6bhNgVKQPqazi59NwrHV5dwCiP9B+pX2wdBsjNfgGROiPcVugO+R3hJst -6JwbQ7P0wKM0MelySPaYL67K69/NsSCrhR4ds5DF0if7yIwKCZF5U9B2PTwe1UOt -U09JP0mk0rMuZSe/nqgM4DCIa1zk2NwXxRG3EC7S4oEl9/yez7EgNRh54sRPFXXb -craW5oosZRo1bJtp3Pn9cQPH8acObmw7B5lqRQD5lgpdTi4KewqFpTbgKFOqyMrB -0Dk3ZR8K968yEdsVJnp9kjSMCkcETszi4bODBqF+dsLErZxr1WPXY77Hbt8hlAEK -sX+ebsHFDKM95IMKbMKawdnw+RBDU/b5B5N6z7WokFY6G0/l0xI4B1mAi2kqNo6b -vtZ1Ss6Y3yHzRxL1+qfEZQ4XsMQ7raMZ2zZnnVxH0amF4JD4iPVxt882VwABys/F -abwh39NZVjz/39VA3cCNdwys/AO1fGJ9SvhiZrhORP/17qXH+zV9EqZyoLB3oAZG -UAyFo2Wzdk/m2lJhk3+2DAzxojvp8xrjhZg6GsQW98dHOVg3lWL3KdwK7hR7nV6Z -M5N9xawzkjwM6GJJ81ewk1l5L3IuCTdU0WGIagQTEQoAKgIbAwIeAQIXgAIZAQUL -CQgHAwUVCgkICwUWAgMBAAUCUwFh/gUJEPG8hQAKCRCBN5i5rJMScanlAKDWnPJE -GRDtnSgFmBTIb7qTGfyGOgCgn2twDY+VYYACfjfL5wSzBIvbplOJARwEEAECAAYF -AlIOZ2YACgkQ8yFyWZ2NLpf95AgAqLVKvGMe9AU6bOKN9EdI6NPIDBYIqVMq2cmK -xJ6k8PDSwJlLefCXo+V4Fo0FAgI6lQma6PpjNKfB2RwJzBRr90wDeDf4LopSYLTp -tXF7R/IZ1apx5xn54sQobdHDQNGCprkljSJmyZlvpXJNbyAJNPU90Cbj52ZnEuaY -LKqE5TOfvr4hQ49DFyVU7CFsFzWqjDKo4+2d3DDMcDC658h10jqkNGuW0kvIn1sL -B/WysMcXXe4Uj+mlvBT+aCYSmQhqjiDx7mEaDyq0g/wVI16JvfOj/snL1RE629DE -dGLiSJiyppXUKN7uUPtBTfGVcaQl+37MOi6DJ7KkKF0Sd0OYHbRQQXBwQXJtb3Ig -RGV2ZWxvcG1lbnQgVGVhbSAoQXBwQXJtb3Igc2lnbmluZyBrZXkpIDxhcHBhcm1v -ci1kZXZAZm9yZ2Uubm92ZWxsLmNvbT6IRgQQEQIABgUCQ/DcnQAKCRCq4Ef4O5hq -8zHbAKCdvXzNIDqtgYk1f/bsuPkeS3kX7QCeI8eHe/s7pK4BNJ+LP8fIsXQPpwmI -TAQQEQIADAUCQ/DrnQWDCWXu0QAKCRD72e4z2bCgmU6AAJ4gd95sCBuJrT41eKfF -jJgbKkk3PQCdF/v8Hx6UKbwU2QTnXZvTDt54gcmITAQQEQIADAUCQ/Dr5QWDCWXu -iQAKCRCv5SzGOaalP97MAKDo/w3w/13SGGhddksiJx6CsIydmACgnZM8wQf+uQCn -D05sP8IWMVVU18CIZgQTEQIAJgUCQ/DY7gIbAwUJCWYBgAYLCQgHAwIEFQIIAwQW -AgMBAh4BAheAAAoJEIE3mLmskxJxgCsAn0tuS2wJQ1OIz+Uy1xiVidW0q6u/AJ9J -ElRNwTFgvK4+fmVJWTyvLxUBZYhnBBMRAgAnAhsDAh4BAheABQsJCAcDBRUKCQgL -BRYCAwEABQJNXEEDBQkPDwJtAAoJEIE3mLmskxJxAD0An1LlCGM3KFMx6esXKwBV -7wKrOItGAJ9XA/0RTuFYxlUcHgjnpgbbpnro0YhnBBMRAgAnAhsDBQkJZgGAAh4B -AheABQJMoOLgBQsJCAcDBRUKCQgLBRYCAwEAAAoJEIE3mLmskxJxKxIAoJS5dvwi -iylcYdF1O/k6exULYN6lAKCnIDB/prGCAsNI5Q4u7MO607fLL4hnBBMRAgAnAhsD -Ah4BAheABQsJCAcDBRUKCQgLBRYCAwEABQJTAWIsBQkQ8byFAAoJEIE3mLmskxJx -wgAAn0ubiW6hY0nSav7+U4V9gklKhvViAJ9Bx6SgTw4NzJhulZKOCr8TrrCuM7kE -DQRD8NsGEBAAgakVLKVcf5Q1//PvVRy9xEYjLrao27eOrj39O/RFqk/Tex2H9dmt -ZApN5eXDo4ckWiDrveW8gKp3wLk7z/ZB4Tz5zgeM7VB3BSVjnOJiTE4Szf4eADRE -2lYfu1kIBgV/4sHUnwXFMb25Rh9k4E37ZRA+jpq6L71xtGmqHN9OQUKojz9TRDew -nzXzdOiPiJRNLHxIx5U2LFmcwx72dvTIDKdA8i91nlo4I0VBOMv8sIkVu+1jniff -G4jcMoGzZGKc70BG8ZcXgZnYh8wjCxb6l9t/iD5lVbRtGJPtonjUfc4i+AMRhPlb -2rgDBpMlS2QxPm01aca2BkW1u4jAzc1+NBUlFSxQ1hULVmmGn4VgB5guFB4rb1ru -LWMUkOfUZUFGi08ZD3qeEqjrYpq+Q5IAhnflxWNVIOxnvHBlbRrA5RTHBmy9kn6J -QZxgYKViTk8fjpr37Dyb9McL+4yxq+fydYUA0sLJSeg/vNqm7tS3KtBsN9vKiPTi -tT1fb+DAz0VglV/4Jk6H4VWPNjaJRYdqh8rZSdcQXUUJjSZZDHTbUh7Oa5l33sPf -aaru1zfPuhcjecJX3trS1ZkjfX17CUmMt/WzIeP44MObtktsJdqX0LaGsgMSOP/O -wjr53nHc1y1OZFL/ScO6MHJnYDZVz03mW9VHzB8ZYLdA+BSBUiBH7S8ABA0P/jcl -vD9ycltAPNWmG/q2gmW8BOLcaYmjfiDZ/sWig1w2A3yoglIGDX3l10K1laXIjQtD -O3rylXZw2x/fBaslAhObQsaarXcPidYuo3h1rQXTy+0wshpMU97V1H6XQVDKJlvE -ajyS6j0PidjS1PvxXjaF0wD68vpXJsfK69mthIhM1cQFoLlUjz4GzntfOqhQWt24 -MIk+y3KRChzWN21XXHbBtoFhlFMwU6So0tgGCgwVXZom1jNdZnhchy/1Ek2wsXxs -dd6FX80n7RGNJ5IqHw2fE7k8sN6AGuaxf3FDVSJOMb4ApxH87k7DDWxBuRRuleu9 -fNHOKh3InOxsAHbwy1ljg2BAWnl5XnTZpczajkO0MuxHqX64WsBYrfMB2dtpyjx6 -GplDcguL699pVuWs0iMq6Vs4sgJaR464ns1WfUwkKy2riCtrDLwnNldCORQtUodV -x9wkmp8G7OzhARbDOG6uiawjkVAMrFrP1ut27qLOs/83/PKCMJ/iQ1h/esfJWqal -xVPvXwQl5A5ny7QpWx7G4cyLxyd8VvwsU87HMnn8buhDj/QALsZCAtauGqM9w1GR -Y3fnVcNKCloDgoBy/zGmpFSAMo4OZbj4y+Vnt175MWQ3KHVxYkwbsjzZYgDYWMOB -O8BlV41xSc8sqWM8Xm7+EUzbsk6hgkKqD+R2YSveiE8EGBECAA8FAkPw2wYCGwwF -CQlmAYAACgkQgTeYuayTEnHTiACgr3VoPwEFWOubuBM8cj/7fGWtmN0AnAqZiEd0 -qr4ei1P//IqrpJif8SI4iE8EGBECAA8FAkPw2wcCGwwFCQlmAYAACgkQgTeYuayT -EnFVPACg0VjGyWMniZ94t/EKcNziWd/01Z8An2vIS4inaHCws74JVV8vUNSVRajP -=nbr7 +mQINBFUwHrABEADZVFn6TF2SxrpMiknHVeUHW7l4mOjHcxtULlEOQ3yaxyNxA0iE +GFWnbP7ek2cjzrfNIA1HNiS0FNsKipRAd5EfRUvJO3lrVfPBRBMLExeyA5h8vXtc +fcp9zpmKAlNVkx85LtVHxch6eUZapNPwqxKJFiDCrFM/zGk4vbRODy2KO3C8XWiy +gHQEW4mjPEsJw6xhyNC63LpCRol7qQu8j6rLJur7GWzSaLKgcUpDktsMJhNRPmCd +Dzb4mbEsbSmWUZ0C2e4HqTs6yjkc3HCIPCsxi4Y8e55qVJRvmOvlx0vGqfUrZyXD +cUQb8PX02V7sjA1DvE4PnZ8yHj1bS7/Q9x+R5ZjTMkqQ0cYXFnMb8pJ/oZucwl41 +RM7Nc57J7XLJmLRv/E7OL4v9DrobIPMOLvAU+PPdYzw+mUZx0jElOo84135nR/0K +EC7twaZxXVfF79iCY3OEhbHlPUH+62ucfcIdiV+TBKMhx70XJb4qDn1iDo2XW++N +8LF+7sZNLJnfJ7QfHUwVodWIXNaMsGOfknrZ4mcYbhETk2t6RpfmWUp61nVGeXgo +t1k3DXH93rFyccnEkGI8Y/+zFNN2QuZUx56kq6OF4Z3bhk7tSwA1/RubDRoNEQgF +94eGrKMgCfHhwPcV6KCtigtmXbdzhFQS5hJkvGOBHhVht9KbMrs9zh4RLQARAQAB +tExBcHBBcm1vciBEZXZlbG9wbWVudCBUZWFtIChBcHBBcm1vciBzaWduaW5nIGtl +eSkgPGFwcGFybW9yQGxpc3RzLnVidW50dS5jb20+iQI9BBMBCgAnBQJVMB6wAhsD +BQkPCZwABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEGaJ5k49NmS7Lp4QAIS3 +D070h7N/giZLUsciLedixqLW8bDzDNFLLturd9ng3x3GwEGdEzibh4TASE6fAQAR +x6oW51ndgI5o7ZoNU3I0I/uLPM1B6YscmN9W2SD5oK8uQ7/K5//b8OGLq/cg1ych +O2lAh5jaGAhmfHy1MS4ZPQ9zbuwARddB7ESD81P4XIRvd/XzfsB2xW+k/7IR/P3M +ZQg+GZm6PxgbK6iwlVyWKj1NyTppzxCWu1yljlbq+Noi5LiucbRdG5qCrymnjgwR +kTeFlvBLYP7NDUifP6JsHgxwKbmvrMmFVJTRx2QnsmGv5DA0Evyz8Bof78S4lJQJ +TkfiiBmWUc6VNv3IQ56PqMQ6RlsKdaGUxXlcPekyeWKC5K6r80m8YjJNBQ+RQMlh +OC7AIckqcB/wPk3/iHvuNbJ0oNd/x/BFBgCs1Wlkktah+tc1aYVPvN1MKhChKD++ +RJYZE+BzR3HSgwBE2Oth7s53D+7ZZPtQoQvhxgKBLAlO7rvhlZi1G0id2BaAqris +Bwj/zFztNewOFCplM4cIXN2pRthgTJYSv/lCarnHsenTZ9zqqkWj3OsFPcMeWhtI +p3jyHXbGC9PtzodG51Aefmz0TqUwIvQxXQ6gOTVlGxMK64MweypYLxMOh9bQOMpS +29XKiX1dKB9ThjTJ6cDBKS7tnZ3cRxAHD3ZOGtiIiEYEEBEKAAYFAlUwIioACgkQ +gTeYuayTEnF41wCfVgK6+6dvch7YdkxGYOzkyt2G/EEAoIJq94o9guRD5OWVKS6N +gkjXvKQtiQIcBBABCgAGBQJVMCJMAAoJEC8Jno0AXoH0orQP/Rjx0Mdsorjfir+Y +ahNk5g4y4ZH425usPRMxRARNpZeGu58RLWOmSW5Fv//I95V0GnK8vyl5YuquHBJM +BRN4PR1XqHUqXdzG8zPZLG5elcqyV3cs58QSUyO+6Nbh4OY/VxqcawZYFaL5XE8N +y0qo2zeFcACIgsmuPMGBgkB3LAEJQxYZab6n2uIuMnJVai2DSIO5Ql2XC4mrKZOW +2GG6vlvM/MmrKKD+gFKCoGvoea9wYYb/3Lu/DU7nARGcCYyvX2zRTuasUO95Anm5 +zYxeXMvSJEq36U+xPLliTcT+bZrzf/dK93SSi/B6txYdM1KQhU0/vLQtdtDDQPFO +edvHIVo+UFrve/lNYSmNEcjgd7iAGwFPe7y6dAQs3KQvE70g10KuSVQuYqSVHJ7t +AC0AGHHsBcijFLzsSn9hOve8DSo/Jwjgvb1Rx1wl8RsmegATOik7FnWRsU+2OM9f +/BU3sLXuKWRQFXiVHsEpRO+vKVFVtcdu7BGzuFBnLS26SNP2jKRYIWJ1ea177w82 +vcjX5URSTBSQef0ABuYgzcV3CmTkKmpDmy49X+bpLQjYwX26XVh4Fm8yULTXT+Wc +pyDNf4itO8VSQpzrecBBcNJnyYvKBOuV0ASs4bZ0/ghmfGNHENk18ZQHZQ0pI1vX +eNk5l60Ensk0WWA/sz1732WzhTtRuQINBFUwHrABEACzq2cDh5gGH419PwIGmkxY +rZWyVglmXPI/4sf/dAqyrr/FRkSNW+VZzw/yLVfA4zW9ttYReJsmFKqXpSoF8ci5 +RfZf1fba9xv4I5x4WBGNcaUZzdKm7vMW/reJRDsNw7f6zvL9VlUUtlL8lSnsObbE +yCrI8oMUwJzu8ojFMiUfRfmQ0IQrYC8hFgmMkknsG6gQTrKSX3xDmFPeAaN11TA1 +9thm+GrcEbKvDMiS5RGG924Lmz+67C+hmKc6HRvDPkNp6prDmiMiLkCun6qQQC5b +jdO3yKlEuhxeNcNAxKIEpv5Syy9gEXXT8DeLQmutSHHb1SYSMB6mzX7b+3wtka+E +uCwWk3VrutpOHD0HCJMMtxbLrtlyq8v+3m8v9tyfNBVaeFyR7IEt9ciGiIe5eNw8 +R3E3BRGEIW7ABs55rnA47mmVO6nBGq8VMriLCeVSO7I/D+9enSvcTng78PK99iBW +7e6gbGtGUXLpvx/bu61HpQrnG4DWVJ7jk6W2bbSLclT8DwJDQiN+poamNuoQjqAW +xrxsYPNRsc6/Ro0LJMXAkc0xQqShtXl2pdCdJroj8gXq3i3HpQfDZrjzNbW02gMN +HSCR5QpmGS4UrL8ex+3DYnGUZh/SxMVVVbRQ4dPbO5yTbwDdaQkAenA6Faj4lM7S +jv4ToiG6Ld6c6UMU1B5CVQARAQABiQIlBBgBCgAPBQJVMB6wAhsMBQkPCZwAAAoJ +EGaJ5k49NmS7LfwP/0M+kTh5bviy4rr6OtCUnd/qCob/DBLkbCbHrEZz/+2yUQa1 +IS93BjKrU2umD/CcMEU0F6yltHr7QtFufWEkcz1HvfRru2H1B3rrNxr1cab0ek7K ++456gN5Os2/jP/1L4BsAjAPii1wthpH59z8m333L2uDnkkd8cUTaIW+TBPG2wN2C +OJ+Pgyd9SAaqpVFmO0CoLhWixyK42OJTbm12SyeUq2VlVX+v+S2rql64RZJI9Kcn +N/36kWAgMdDuCpa8XEhJP2DxC8QcFyduP7/ZdYJZNWuiny6VP+HKblP6Imnc6xjz +HXSQauDsp5hUuxz+aLaAJSS1yBA23lfdhf+Yfu4ruMGFICdHXAkRXBt2JFIVskt3 +cL/tBrNEkDi0JG6FzYAS9gLJIyvlJlElgXXF0OZl60kjh254xRDEH5Q8/spBDdzw +0FkHS3hPWjM3sDSSZuX9YAZDzw0wQGM6sl4y+BX8I2JerhF9SIS606NAaT+06kOH +5wa4S51u6XN+UdXoXa6XSo/fqhVHt/5Mu1A90gMkA65ji0X+Xu/Yoo3Ui1Tx584t +qtHJFnDQa4wJbmjB7uzqbpkk7xKFII1vgLayS8MkFvg+lnmjvgr/ve0hoHZnVCSz +md9kZgGkKQfTaGFIZRc24D44tcIL1K20B+cskRqhpee7EGaba7sazdpVk3A0 +=dwg6 -----END PGP PUBLIC KEY BLOCK----- diff --git a/apparmor.spec b/apparmor.spec index 6c73587..75a2e63 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -60,7 +60,7 @@ Name: apparmor %if ! %{?distro:1}0 %define distro suse %endif -Version: 2.9.1 +Version: 2.9.2 Release: 0 Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -97,12 +97,6 @@ Patch6: apparmor-abstractions-no-multiline.diff # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21) Patch7: apparmor-lessopen-profile.patch -# upstream changes since the 2.9.1 release - bzr diff -r2832..2839 (2.9 branch) -Patch8: apparmor-changes-since-2.9.1.diff - -# fix build with GCC 5 due to bad ostream use -Patch9: apparmor-fix-stl-ostream.diff - # update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201) Patch10: samba-4.2-profiles.diff @@ -451,8 +445,6 @@ SubDomain. %patch6 %patch7 -p1 -%patch8 -%patch9 %patch10 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"